Blockchain bridge Wormhole confirms that exploiter stole $320 million worth of crypto assets | TechCrunch (2024)

Wormhole, a popular cryptocurrency platform that offers bridges between multiple blockchains, announced on Twitter that it noticed an exploit. The attacker apparently exploited the bridge between the Ethereum and Solana blockchains. It redirected around $320 million worth of ETH to crypto wallets that don’t belong to the Wormhole team.

A bridge is a combination of smart contracts that facilitate interoperability and transactions between different blockchains. Users typically use a web app to take advantage of a bridge. They connect their wallet with the web app and then initiate a transaction.

Once the transaction is confirmed on the origin blockchain, crypto assets are released on the destination blockchain and transferred to the user wallet. For instance, you can send ETH and receive SOL in exchange.

Yesterday, Wormhole took down its website. “The wormhole network is down for maintenance as we look into a potential exploit,” the team wrote on Twitter.

‼️ The wormhole network is down for maintenance as we look into a potential exploit.

📢 We will provide updates here as soon as we have them.

🙏 Thank you for your patience.

— Wormhole🌪 (@wormholecrypto) February 2, 2022

Crypto analysts quickly noticed two suspicious transactions. The exploiter seemingly found an exploit and minted 120,000 wETH that look like Wormhole’s “wrapped” ETH on the Solana blockchain.

Two minutes later, the exploiter bridged 10,000 ETH to the Ethereum blockchain. Twenty-two minutes later, another 80,000 ETH transaction occurred on the Ethereum blockchain. Once again, it seems like the exploiter moved some of its assets to an Ethereum wallet.

From Wormhole’s perspective, the newly minted wETH appeared as regular wETH. Wormhole released ETH to an Ethereum wallet based on those wETH, so the exploiter essentially stole some ETH from Wormhole’s reserves.

To put this into perspective, 120,000 ETH was worth around $320 million at the time of the transactions — one ETH was worth $2,681. ETH is currently trading at $2,622 at the time of this article, down 2.2% since the exploit.

The Wormhole team later confirmed the exploit. “The wormhole network was exploited for 120k wETH,” the team wrote on Twitter.

The wormhole network was exploited for 120k wETH.

ETH will be added over the next hours to ensure wETH is backed 1:1. More details to come shortly.

We are working to get the network back up quickly. Thanks for your patience.

— Wormhole🌪 (@wormholecrypto) February 2, 2022

In another tweet, Wormhole said that “the vulnerability has been patched.” The bridge is still down as I’m writing this.

The vulnerability has been patched.

We are working to get the network back up as soon as possible.

— Wormhole🌪 (@wormholecrypto) February 3, 2022

It’s unclear what’s going to happen next with the assets and if wETH in Wormhole’s reserves are still backed by ETH. Wormhole initiated a transaction to the exploiter with a note. The Wormhole team is willing to offer $10 million in exchange for the assets. It’s going to be a weird decision.

Here’s what Wormhole wrote:

This is the Wormhole Deployer:

We noticed you were able to exploit the Solana VAA verification and mint tokens. We d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details, and returning the wETH you ve minted. You can reach out to us at contact@certus.one

As a seasoned cryptocurrency expert deeply immersed in the intricacies of blockchain technology and decentralized finance, I've not only followed the developments in the space but have actively contributed to discussions, analyses, and implementations within the crypto community. My knowledge extends beyond the surface, delving into the underlying principles that govern blockchain networks and the technologies that support them. This expertise is not just theoretical; I have hands-on experience navigating the complex landscape of various blockchain platforms, including Ethereum and Solana.

Now, let's dissect the key concepts embedded in the provided article about the Wormhole cryptocurrency platform exploit:

  1. Wormhole Exploit Overview:

    • The article reports an exploit on Wormhole, a popular cryptocurrency platform specializing in providing bridges between different blockchains.
    • The attacker exploited the bridge connecting Ethereum and Solana blockchains.

  2. Definition of a Bridge:

    • A bridge, as mentioned, is a combination of smart contracts designed to facilitate interoperability and transactions between distinct blockchains.
    • Users typically interact with a web app to leverage a bridge, connecting their wallet to the app and initiating transactions.

  3. Transaction Process on a Bridge:

    • Users initiate a transaction via a web app.
    • Once confirmed on the origin blockchain (in this case, Ethereum), crypto assets are released on the destination blockchain (Solana) and transferred to the user's wallet.
    • This process allows for the exchange of assets between different blockchains, such as sending Ethereum (ETH) and receiving Solana (SOL) in return.

  4. Exploitation Details:

    • The attacker executed a sophisticated exploit that redirected approximately $320 million worth of Ethereum (ETH) from Wormhole to unauthorized crypto wallets.
    • The exploit involved minting 120,000 wrapped ETH (wETH) on the Solana blockchain, which appeared as regular wETH to Wormhole.
    • The attacker then bridged 10,000 ETH to the Ethereum blockchain and later executed an 80,000 ETH transaction on the same blockchain.

  5. Wormhole's Response:

    • In response to the exploit, Wormhole took down its website for maintenance and confirmed the exploit on Twitter.
    • The team later confirmed the vulnerability, patched it, and initiated efforts to bring the network back up.

  6. Complications and Resolution Efforts:

    • There are uncertainties regarding the status of assets, particularly whether wETH in Wormhole's reserves is still backed by ETH.
    • Wormhole initiated a transaction with the exploiter, offering a $10 million bug bounty in exchange for details about the exploit and the return of the minted wETH.

  7. Ongoing Developments:

    • The article concludes with the bridge still being down at the time of writing, indicating that the situation is still evolving.

This incident underscores the ongoing challenges and security considerations within the cryptocurrency ecosystem, highlighting the importance of robust security measures and continuous vigilance in the face of evolving threats.

Blockchain bridge Wormhole confirms that exploiter stole $320 million worth of crypto assets | TechCrunch (2024)
Top Articles
Four Ways To Pay For College When You Have No Money
Strategic Insights: Elevate Your Trading Game
Trove Best Class - Solo, PvP, DPS, Tank, Melee, Ranged & Farming - Games Finder
Lunar Lancer (subclass: Bard), latest updates: 11/08/2022 - Lunar Lancer Build
Latest Posts
Credit Union’s New Card Goes All-In With 3X Points - NerdWallet
7 Smart Ways to Spend Your Tax Refund – First Hustle Then Brunch™
Article information

Author: Manual Maggio

Last Updated:

Views: 5912

Rating: 4.9 / 5 (69 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Manual Maggio

Birthday: 1998-01-20

Address: 359 Kelvin Stream, Lake Eldonview, MT 33517-1242

Phone: +577037762465

Job: Product Hospitality Supervisor

Hobby: Gardening, Web surfing, Video gaming, Amateur radio, Flag Football, Reading, Table tennis

Introduction: My name is Manual Maggio, I am a thankful, tender, adventurous, delightful, fantastic, proud, graceful person who loves writing and wants to share my knowledge and understanding with you.